19 matches found
CVE-2025-14070
The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2025-14070
CVE-2025-14070 – Reviewify (Review Discounts & Photo/Video Reviews for WooCommerce) : The WordPress Reviewify plugin versions up to 1.0.6 are vulnerable due to a missing capability check on the send_test_email AJAX action. This allows authenticated attackers with Contributor-level access or highe...
WordPress Reviewify plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary WooCommerce Coupon Creation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Reviewify versions = 1.0.6...
EUVD-2025-4815
Malicious code in bioql PyPI...
CVE-2024-13316
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
CVE-2024-13316
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
CVE-2024-13316
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
CVE-2024-13316 Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
CVE-2024-13316
CVE-2024-13316 affects the Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress. The issue is an unauthorized access vulnerability caused by a missing capability check in the apmswn_create_discount() function, present in...
CVE-2024-13316 Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
PT-2025-6540 · WordPress · Scratch & Win – Giveaways/Contests
Name of the Vulnerable Software and Affected Versions: Scratch & Win – Giveaways and Contests plugin for WordPress versions up to, and including, 2.8.0 Description: The issue is related to a missing capability check on the apmswn create discount function, allowing unauthorized access. This enable...
WordPress Scratch & Win – Giveaways and Contests plugin <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation vulnerability
Missing Authorization to Unauthenticated Coupon Creation vulnerability discovered by Peter Thaleikis in WordPress Plugin Scratch & Win – Giveaways and Contests versions = 2.8.0...
PT-2025-1777 · WordPress · The Coupon X: Discount Pop Up
Name of the Vulnerable Software and Affected Versions: The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress versions up to, and including, 1.3.5 Description: The issue is related to missing capability checks on several functions in the...
CVE-2020-36841 WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommercecouponadmininit function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates ...
Exploit for Cross-Site Request Forgery (CSRF) in Creativeitem Academy_Lms
CVE-2022-47130 Academy LMS = 5.10 CSRF Description Acad...
WordPress Smart Online Order for Clover plugin <= 1.5.5 - CSRF Leading to Coupon Creation/Modification vulnerability
CSRF Leading to Coupon Creation/Modification vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Smart Online Order for Clover versions = 1.5.5...
CVE-2022-47130
A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page...
CVE-2022-47130
CVE-2022-47130 concerns a CSRF vulnerability in the Academy LMS prior to version 5.10 . The issue: an attacker with administrative privileges can trigger a request via a crafted CSRF page, allowing arbitrary creation of discount coupons. Affected component is the web application’s coupon/discount...
WordPress WooCommerce Smart Coupons premium plugin <= 4.6.0 - Unauthenticated Coupon Creation vulnerability
Unauthenticated Coupon Creation vulnerability discovered by WordFence in WordPress WooCommerce Smart Coupons premium plugin versions = 4.6.0. Solution Update the WordPress WooCommerce Smart Coupons premium plugin to the latest available version at least 4.6.5...